Google Fighting a SIM Swap Attack

In recent years, SIM swap attacks have become a growing concern for individuals and businesses alike. These attacks can result in identity theft, financial losses, and other security breaches.

Phone during a sim swap attack
Photo by Deepanker Verma

What Is a SIM Swap Attack

A SIM swap attack is a type of fraud that involves taking over a victim’s mobile phone number by transferring it to a new SIM card. The attacker then uses the new SIM card to gain access to the victim’s accounts, such as bank accounts, social media platforms, and email accounts.

How SIM Swap Attacks Work

SIM swap attacks typically start with the attacker gathering personal information about the victim, such as their name, address, and date of birth. This information is then used to contact the victim’s mobile service provider and request a SIM swap.

The attacker may impersonate the victim or claim that their phone has been lost or stolen. If successful, the mobile service provider will transfer the victim’s phone number to a new SIM card, which the attacker controls.

Who Took What?

Although Google has not disclosed which provider was compromised and therefore used to execute this supply chain attack, it partners only with Sprint, US Cellular, and T-Mobile. The latter recently experienced a cyber-attack that exposed the data of 37M customers.

In the meantime, Google has yet to track down the perpetrator of this attack, nor has it released an update about what steps customers should take to protect their data. Customers who may have been affected by the breach should expect to receive notifications from the corporation in the coming weeks, as it works with authorities to track down who did it and what, exactly, was stolen (or potentially even leaked).

Examples of SIM Swap Attacks

SIM swap attacks have been used in a variety of ways, from stealing cryptocurrency to accessing personal information. In one high-profile case, a cryptocurrency investor lost millions of dollars in Bitcoin after his phone number was transferred to a new SIM card by an attacker.

Google is currently dealing with a cyberattack on Google Fi, its telecom and mobile virtual network operator (MVNO) service. Since 2016, Google Fi has been serving what is now approximately 500K active users.

Many companies use third-party services to perform routine operations, including customer support. That means that the support team’s training and security are not funded by Google’s deep pockets, and Google doesn’t train them either. That naturally opens up a crack for hackers to slither in and try to drill into big databases like Google’s.

What’s Happening to Users

Since the attack, many Fi users have reported password reset notifications from services such as Outlook, cryptocurrency wallets, and authentication apps. The people responsible are evidently attempting to gain access to these accounts or, if that fails, to reset passwords and request multi-factor authentication codes via SMS message. This is most likely an attempt at a SIM swap attack.

Phone under sim swap attack
Photo by Silvie Lindemann

SIM swap just means replacing one SIM card with another. This can be done benignly; for example, if you want to switch to a different SIM provider or upgrade your current SIM card with a new one. It lets you keep your existing phone number and data while upgrading a device. This swap can, however, be used against people too.

In a SIM swap attack, hackers steal your phone number and use it to gain access to your bank accounts or other online services. In this case, they’re trying to compromise your telecom service, the latest in a recent rise in threats against the telecommunications industry. In the case of Google Fi’s breach, the threat actors are attempting to reset your passwords via SMS code; by taking over your phone number, the threat actor can read your messages, see the one-time code and gain access to your Fi account that way.
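
An added example, not part of the original article: a detection rule for the pattern Fi users reported above, where a SIM change is followed by SMS password resets and codes across several services. The event names, the 24-hour window, the two-service threshold and the sample log are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, account, event, service)
EVENTS = [
    ("2023-02-01T09:00:00", "alice", "sim_change", "carrier"),
    ("2023-02-01T09:12:00", "alice", "password_reset_sms", "outlook"),
    ("2023-02-01T09:15:00", "alice", "password_reset_sms", "crypto-wallet"),
    ("2023-02-01T09:20:00", "alice", "mfa_code_sms", "authenticator-app"),
    ("2023-02-01T10:00:00", "bob", "password_reset_sms", "outlook"),    # no SIM change
    ("2023-01-10T08:00:00", "carol", "sim_change", "carrier"),          # old SIM change
    ("2023-02-01T11:00:00", "carol", "password_reset_sms", "outlook"),
]

# Hypothetical event names for anything delivered to the phone number by SMS
SMS_EVENTS = {"password_reset_sms", "mfa_code_sms"}


def flag_sim_swap_takeovers(events, window=timedelta(hours=24), min_services=2):
    """Return {account: sorted services} for accounts where SMS resets or codes
    hit at least `min_services` distinct services within `window` of a SIM change."""
    last_sim_change = {}
    hits = {}
    # ISO 8601 timestamps sort chronologically as plain strings
    for ts, account, event, service in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "sim_change":
            last_sim_change[account] = when
            hits.pop(account, None)  # a new SIM change starts a fresh window
        elif event in SMS_EVENTS:
            changed = last_sim_change.get(account)
            if changed is not None and when - changed <= window:
                hits.setdefault(account, set()).add(service)
    return {a: sorted(s) for a, s in hits.items() if len(s) >= min_services}


if __name__ == "__main__":
    for account, services in flag_sim_swap_takeovers(EVENTS).items():
        print(f"ALERT {account}: SMS resets/codes after SIM change on {services}")
```

A single reset with no SIM change (bob) or a reset weeks after one (carol) is not flagged; only the burst across several services shortly after the SIM change is.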


Consider changing your login credentials for your profile, and monitor your payment and account activity so that you can immediately flag suspicious changes. Eventually, Google Fi will release an update about what they’ve done to identify and find the attacker, and what next steps you should take (if any) to improve your account’s integrity.

This is only the latest in an upward trend of telecom services being targeted by hackers. Large organizations are not exempt from threat actors, even with top-of-the-line security teams and defenses. These days it really is a matter of when, not if, you experience a cyber event yourself! Prepare yourself by paying attention to your security awareness training and keeping abreast of breaking news in the cyber-threat landscape!